CVE-2023-5965 Information

Description

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5 via the update form which could lead to arbitrary PHP code execution.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm